In the early 1990’s the government agency assigned the task of defining what processes could be used for non-destructive purging certain levels of secret information from disk drives fell under the oversight of the Defense Investigative Service (DIS). DIS later changed into DDS (Defense Security Services), which became DoD (Department of Defense), and finally today we have NIST (National Institute of Standards and Technology).
In those early years a company had to actually have its disk purge method approved by DIS.
As opposed to today, where anybody can claim “Conforms to NIST or DoD standards”
In those days the drives to be purged were SCSI. The biggest obstacle in those days was dealing with the spare blocks on the SCSI drive. We designed a process whereby all blocks on the drive, including all spare blocks, could be guaranteed purged.
After several months of trips to DIS labs, refining, and documenting, our process was finally approved.
At that time the procedure was to get DIS approval (done), and then get a branch of the armed forces to “sponsor” the purge method. Our sponsor was the US Air Force. They provided us with a letter of introduction stating that our process was DIS approved, along with a set of instructions and a contact name & number.
This entire process took close to a year to complete.
Whenever a new government agency or subcontractor approached us about purging we would send them our package of credentials, they would do their due-diligence, and we were on our way.
We were invited to present our methods and credentials at seminars, summits, and security forums. There was a real paradigm shift needed in the minds of the security specialists, since up until then physical destruction was the only way to deal with “purging” sensitive information.
Remember – this was back in the early-mid 1990’s. Disk drives were very expensive, and the ability to reuse rather than destroy was very attractive, but also a very new concept.
ATA drives and SECURITY ERASE
At that time ATA or IDE drives were truly “consumer” products. They were very small capacity, very unreliable compared to their SCSI enterprise-level cousins, and just weren’t used in scientific workstations and small computers.
But as we all know, that situation has changed radically over the past two decades.
By the early 2000’s Gordon Hughes and his Center for Magnetic Recording Research team at UCSD was hard at work on the new ATA SECURITY ERASE. We worked with them, along with some very interesting labs in New Mexico, testing, trying things, examining platters with electron microscopes – real science! Just now, going back and reading emails from that time brings a nice feeling of nostalgia to old Dr. SCSI!
And out of that came the now-standard SECURITY ERASE functions for ATA/SATA drives.
The world of drive purging is constantly changing. As drive capacities increase and as billions of disk drives are emplaced the need to purge sensitive data has never been higher.
New technologies, such as Self-Encrypting Drives (SED), and new command sets, such as the new SANITIZE feature/command set, are being specified, worked on, perfected, and finally get released into drives “in the wild”
As a company who has honestly “been there since the beginning” it is difficult to not take the grumpy old man stance – “Why, when we first purged drives we had to do it barefoot, in the snow…with the President watching…”, etc.
It is a historical fact that in those early days agency approval was a real thing, not something cut and pasted onto a web site.
But things are as things are. Today virtually anyone can say “our product conforms to DoD-5220”.
You don’t have to prove it.
You don’t have to understand the process.
You don’t have to work to keep always implementing the latest and newest technology into your purge “solution”.
We are happy to let our history speak for itself. A history that actually goes back to the beginning and a history that is being made new several times a year with updates that bring the latest purge technology to the market.